JDownloader2Update.exe

JDownloader Update

Appwork GmbH

The application JDownloader2Update.exe, "JDownloader 2 Update Launcher" by Appwork GmbH, has been detected as a potentially unwanted program by 3 of 68 anti-malware scanners. The file is a setup application built on the InstallCore download manager, an installer engine that may bundle additional offers for ad-supported toolbars, browser extensions and utilities alongside the program the user asked for.
Publisher:
Appwork GmbH  (signed and verified)

Product:
JDownloader Update

Description:
JDownloader 2 Update Launcher

Version:
2.0.0.0

MD5:
8700cf83df1284b5bb599c477d4da149

SHA-1:
c0f92f8407d1a0fb8fff5ad9249732b10ce0c626

SHA-256:
feafbdd0ad26618d9eae0dbf2924640a2b25c1badcfeef3e4e90478edfe9b9f6

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 10:43:04 PM UTC

Scan engine          Detection                  Engine version
Avira AntiVirus      TR/ATRAPS.Gen              7.11.30.172
Dr.Web               Trojan.InstallCore.29      9.0.1.093
Reason Heuristics    PUP.Bundler.installCore    15.4.3.8

File size:
228.2 KB (233,720 bytes)

Product version:
2.0

Copyright:
Copyright AppWork GmbH

Original file name:
JDownloader2Update.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\jdownloader 2.0\jdownloader2update.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/28/2015 2:00:00 AM

Valid to:
1/29/2016 1:59:59 AM

Subject:
CN=Appwork GmbH, O=Appwork GmbH, L=Fürth, S=Bayern, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5CA15B949EC0CBCECEB7C57981B033A8

File PE Metadata
Compilation timestamp:
9/24/2014 11:15:09 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:fLBunHbFXO6AOitdNu/S51MOY+zAwFiKXjHtu0:fLB0FF6dc/S5yOY+zbF1r

Entry address:
0x11AFE

Entry point:
E8, 21, AC, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 38, CC, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 3C, CC, 42, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, EA, 07, 00, 00, 85, C0, 75, 06, B8, A0, CD, 42, 00, C3, 83, C0, 08, C3, E8, D7, 07, 00, 00, 85, C0, 75, 06, B8, A4, CD, 42, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...

Entropy:
6.7533

Code size:
142.5 KB (145,920 bytes)
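The hash, signature and PE metadata fields above are what a reviewer reproduces locally before trusting a report. The script below is an added example, not the report's or the JDownloader project's code: with the standard library only it computes the three hashes, the Shannon entropy, and the COFF/PE32 header fields the report lists (compile timestamp, entry address, linker and OS version, subsystem, code size), and compares the build time with the signing certificate's validity window. The PE image it parses is constructed in the script (a bare header populated with the report's values, not the real sample), and the certificate dates are taken as displayed above. Two points the check makes visible: the compile timestamp (September 2014) predates the certificate's valid-from date (January 2015), which is the normal order since signing follows the build; and the certificate expired in January 2016, so whether the Authenticode signature still verifies in 2024 depends on an RFC 3161 timestamp countersignature that the report does not show.

```python
"""Stdlib-only triage of the PE fields a scanner report lists: hashes,
Shannon entropy, compile timestamp, entry point, linker/OS version,
subsystem, plus a sanity check of build time against the code-signing
certificate's validity window.

Added example; not the report's or the JDownloader project's code. The PE
image is constructed here (a bare header, not the real sample) and filled
with the field values the report shows for JDownloader2Update.exe."""
import hashlib
import math
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# Certificate validity as displayed on the report (zone as displayed).
CERT_NOT_BEFORE = datetime(2015, 1, 28, 2, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2016, 1, 29, 1, 59, 59, tzinfo=timezone.utc)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes.
    Packed/encrypted payloads usually exceed ~7.2; plain x86 code sits
    around 6-7, where the report's 6.75 falls."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 as the report lists them (MD5 and SHA-1 are for
    lookup in other databases, not for integrity decisions)."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def parse_pe_header(data: bytes) -> dict:
    """Read COFF and PE32 optional-header fields at their fixed offsets."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, timestamp, _, _, _opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "entry_point": entry_rva,
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
        "size_of_code": size_of_code,
        "sections": nsections,
    }


def build_time_vs_cert(compile_time, not_before, not_after) -> str:
    """'before': built before the cert was issued (normal; signing follows the
    build). 'within': built during validity. 'after': built after expiry, which
    cannot be consistent with a signature made while the cert was valid. The PE
    stamp is attacker-controllable, so this is a triage hint, not proof."""
    if compile_time < not_before:
        return "before"
    if compile_time > not_after:
        return "after"
    return "within"


def build_sample_pe() -> bytes:
    """Constructed PE32 header carrying the values listed on the report."""
    ts = int(datetime(2014, 9, 24, 11, 15, 9, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = struct.pack(
        "<HBBIIIIIIIIIHHHHHHIIIIHH",
        0x10B, 9, 0,               # PE32 magic; linker 9.0
        145920, 0, 0,              # SizeOfCode (report: 145,920), init/uninit data
        0x11AFE, 0x1000, 0x25000,  # AddressOfEntryPoint 0x11AFE, BaseOfCode, BaseOfData
        0x400000, 0x1000, 0x200,   # ImageBase, SectionAlignment, FileAlignment
        5, 0, 0, 0, 5, 0,          # OS 5.0, image 0.0, subsystem 5.0
        0, 0x60000, 0x400, 0,      # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        2, 0x8140)                 # Subsystem 2 = Windows GUI; DllCharacteristics
    return dos + b"PE\0\0" + coff + opt.ljust(224, b"\0")


def triage(data: bytes) -> dict:
    info = parse_pe_header(data)
    info["hashes"] = file_hashes(data)
    info["entropy"] = round(shannon_entropy(data), 4)
    info["build_vs_cert"] = build_time_vs_cert(
        info["compile_time"], CERT_NOT_BEFORE, CERT_NOT_AFTER)
    return info


if __name__ == "__main__":
    for key, value in triage(build_sample_pe()).items():
        print(f"{key:>14}: {value}")
```

Run against the real file, `triage(open(path, "rb").read())` should reproduce the MD5/SHA-1/SHA-256 above exactly; a mismatch means a different build, not this report's sample. The entropy of the constructed header is low because it is mostly zero padding; the report's 6.75 applies to the full 233,720-byte file.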

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.139.123.201.138.clients.your-server.de  (138.201.123.139:80)

TCP (HTTP):
Connects to cdn4.appwork.org  (176.9.34.43:80)

TCP (HTTP SSL):
Connects to lu4.api.mega.nz  (31.216.147.135:443)

TCP (HTTP):
Connects to update3.jdownloader.org  (78.46.69.237:80)

TCP (HTTP):
Connects to cdn5.appwork.org  (46.4.126.3:80)

TCP (HTTP):
Connects to api.jdownloader.org  (88.99.115.46:80)
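The six observations above, turned into structured IOC records and checked the way a reviewer would read them, as an added example that is not part of the report or its tooling. The input is the report's own lines, each category joined onto one line with its target. Two things are assumptions of this script rather than facts from the report: PUBLISHER_DOMAINS (appwork.org and jdownloader.org taken as first-party from the hostnames shown), and the "plain HTTP" flag, which only matters if the launcher does not verify downloaded updates by signature or hash, something the report does not state either way. The registrable-domain reduction and the reverse-DNS heuristic are deliberately simple and labelled as such in the code.

```python
"""Parse a scanner report's "Connects to host (ip:port)" lines into IOC
records and flag what a reviewer looks at: third-party destinations,
hosting-provider reverse-DNS names that identify no tenant, and update
traffic over plain HTTP.

Added example, not part of the report. PUBLISHER_DOMAINS is an assumption
drawn from the hostnames shown; 'tls' is inferred from port/label only."""
import ipaddress
import re
from dataclasses import dataclass

PUBLISHER_DOMAINS = {"appwork.org", "jdownloader.org"}  # assumption: first-party

# Constructed input: the report's six observations, one per line.
REPORT_LINES = """\
TCP (HTTP): Connects to static.139.123.201.138.clients.your-server.de  (138.201.123.139:80)
TCP (HTTP): Connects to cdn4.appwork.org  (176.9.34.43:80)
TCP (HTTP SSL): Connects to lu4.api.mega.nz  (31.216.147.135:443)
TCP (HTTP): Connects to update3.jdownloader.org  (78.46.69.237:80)
TCP (HTTP): Connects to cdn5.appwork.org  (46.4.126.3:80)
TCP (HTTP): Connects to api.jdownloader.org  (88.99.115.46:80)
"""

LINE_RE = re.compile(
    r"^(?P<proto>\w+)\s+\((?P<app>[^)]+)\):\s+Connects to\s+(?P<host>\S+)\s+"
    r"\((?P<ip>[0-9a-fA-F.:]+):(?P<port>\d+)\)\s*$")


@dataclass(frozen=True)
class Connection:
    host: str
    ip: str
    port: int
    tls: bool
    first_party: bool
    reverse_dns_only: bool
    flags: tuple


def registrable_domain(host: str) -> str:
    """Last two labels ('cdn4.appwork.org' -> 'appwork.org'). Heuristic:
    not Public-Suffix-List aware, so 'x.co.uk' style names would be wrong."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_like_reverse_dns(host: str, ip: str) -> bool:
    """Provider PTR names embed the IP's octets as labels (in any order);
    such a 'hostname' says who hosts the box, not who runs it."""
    labels = host.split(".")
    return all(octet in labels for octet in ip.split("."))


def parse_connection(line: str) -> Connection:
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsed line: {line!r}")
    host, ip, port = m["host"], m["ip"], int(m["port"])
    ipaddress.ip_address(ip)  # validates the literal; raises on garbage
    tls = port == 443 or "SSL" in m["app"].upper()
    first_party = registrable_domain(host) in PUBLISHER_DOMAINS
    ptr = looks_like_reverse_dns(host, ip)
    flags = []
    if not first_party:
        flags.append("third-party destination")
    if ptr:
        flags.append("reverse-DNS name only; attribute by IP/ASN, not hostname")
    if not tls:
        flags.append("plain HTTP; integrity rests on signed or hashed payloads")
        if "update" in host.lower():
            flags.append("update channel over plain HTTP")
    return Connection(host, ip, port, tls, first_party, ptr, tuple(flags))


def triage(text: str) -> list:
    return [parse_connection(l) for l in text.splitlines() if l.strip()]


def flagged_hosts(text: str) -> dict:
    """host -> flags, for the connections that need a second look."""
    return {c.host: c.flags for c in triage(text) if c.flags}


if __name__ == "__main__":
    for host, flags in flagged_hosts(REPORT_LINES).items():
        print(f"{host}: {'; '.join(flags)}")
```

On this input every destination gets at least one flag: the four first-party hosts because they are reached over port 80, mega.nz because it is not a publisher domain, and the your-server.de name because it is a provider PTR record rather than a service name. Whether the port-80 update traffic is a real weakness depends on how the launcher validates what it fetches, which is not visible from a connection list.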

Remove JDownloader2Update.exe - Powered by Reason Core Security